[英]User.Identity.Name is null in my ASP.NET Core Web API
I have added ASP.NET Core identity and Identity Server4 in one project with one database, and I want to use my Identity Server in all other project.我在一个带有一个数据库的项目中添加了 ASP.NET 核心身份和身份服务器4,我想在所有其他项目中使用我的身份服务器。
IdentityServer4 Startup Class IdentityServer4 启动 Class
public class Startup
{
public IConfigurationRoot Config { get; set; }
public Startup(IConfiguration configuration)
{
Config = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json", false)
.Build();
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
IdentityModelEventSource.ShowPII = true;
//=== Identity Config ===
string ConnectionString = Config.GetSection("AppSettings:DefaultConnection").Value;
var migrationAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
//-----------------------------------------------------------------
services.AddDbContext<MyIdentityDbContext>(options =>
options.UseSqlServer(ConnectionString, sql => sql.MigrationsAssembly(migrationAssembly)));
//-----------------------------------------------------------------
services.AddIdentity<MyIdentityUser, IdentityRole>(op =>
{
op.Password.RequireDigit = false;
op.Password.RequiredLength = 6;
op.Password.RequireUppercase = false;
op.Password.RequireLowercase = false;
op.Password.RequireNonAlphanumeric = false;
})
.AddEntityFrameworkStores<MyIdentityDbContext>()
.AddDefaultTokenProviders();
//=== IdentityServer4 config ===
services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.AddDeveloperSigningCredential()
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = b => b.UseSqlServer(ConnectionString, sql => sql.MigrationsAssembly(migrationAssembly));
})
.AddOperationalStore(options =>
{
options.ConfigureDbContext = b => b.UseSqlServer(ConnectionString, sql => sql.MigrationsAssembly(migrationAssembly));
})
.AddAspNetIdentity<MyIdentityUser>();
services.AddMvc(options => options.EnableEndpointRouting = false);
services.AddAuthorization();
services.AddControllers();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();
app.UseRouting();
app.UseAuthorization();
app.UseIdentityServer();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
My config class that I have seed my identity database with that:我的配置 class 我已经用它作为我的身份数据库的种子:
public class Config
{
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Email(),
new IdentityResources.Profile(),
};
}
public static IEnumerable<ApiResource> GetApis()
{
return new List<ApiResource>
{
new ApiResource("MyAPI", "My asp.net core web api"),
};
}
public static IEnumerable<Client> GetClients()
{
return new List<Client>
{
new Client()
{
ClientId = "MyAndroidApp",
ClientName = "My Application for Android",
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedScopes=
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
IdentityServerConstants.StandardScopes.Address,
"MyAPI"
},
},
};
}
}
I have register a user with role Admin with below action method in User controller in my IdentityServer4&Identity project我在我的 IdentityServer4&Identity 项目中的用户 controller 中使用以下操作方法注册了一个角色为 Admin 的用户
[HttpPost]
public async Task<IActionResult> Post([FromBody]SignUpModel model)
{
MydentityUser NewUser = new MydentityUser ()
{
UserName = model.UserName,
};
IdentityResult result = await UserManager.CreateAsync(NewUser, model.Password);
if (result.Succeeded)
{
if (!RoleManager.RoleExistsAsync("Admin").Result)
{
IdentityResult r = RoleManager.CreateAsync(new IdentityRole("Admin")).Result;
r = RoleManager.CreateAsync(new IdentityRole("Member")).Result;
r = RoleManager.CreateAsync(new IdentityRole("Guest")).Result;
}
result = await UserManager.AddToRoleAsync(NewUser, "Admin");
if (result.Succeeded)
{
List<Claim> UserClaims = new List<Claim>() {
new Claim("userName", NewUser.UserName),
new Claim(JwtClaimTypes.Role, "Admin"),
};
result = await UserManager.AddClaimsAsync(NewUser, UserClaims.ToArray());
return Ok("Registered");
}
}
}
Now I have another ASP.NET Web API project that I want to use this api in my android application. Now I have another ASP.NET Web API project that I want to use this api in my android application.
My startup class我的启动 class
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = "https://identity.mywebsite.ir";
options.RequireHttpsMetadata = false;
options.Audience = "MyAPI";
});
//I used below but not work too
//.AddIdentityServerAuthentication(options =>
//{
// options.Authority = "https://identity.mywebsite.ir";
// options.RequireHttpsMetadata = false;
// options.ApiName = "MyAPI";
// options.NameClaimType = ClaimTypes.Name;
// options.RoleClaimType = ClaimTypes.Role;
//});
services.AddOptions();
string cs = Configuration["AppSettings:DefaultConnection"];
services.AddDbContext<MyApiContext>(options =>
{
options.UseSqlServer(cs,
sqlServerOptions =>
{
sqlServerOptions.MigrationsAssembly("MyApi.Database");
});
});
services.AddControllers();
services.AddCors(options =>
{
options.AddPolicy("default", policy =>
{
policy.WithOrigins("*")
.AllowAnyHeader()
.AllowAnyMethod();
});
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseCors("default");
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
My Problem is how can I find userId in my Webapi when I have used user authentication with ASP.NET Core Identity in another project,我的问题是,当我在另一个项目中使用 ASP.NET Core Identity 的用户身份验证时,如何在我的 Webapi 中找到 userId,
I have below action method in my two project (my webapi and identityserver & identity project).我在我的两个项目(我的 webapi 和身份服务器和身份项目)中有以下操作方法。 I have get token from android application from /connect/token address and I send access token with my request.
我从 /connect/token 地址的 android 应用程序中获取了令牌,并随我的请求发送了访问令牌。
public class TestController : ControllerBase
{
public async Task<IActionResult> Index()
{
string message = "";
if (User.Identity.IsAuthenticated)
{
message += "You are Registered ";
}
else
{
message += "You are not Registered ";
}
if (string.IsNullOrWhiteSpace(User.Identity.Name))
{
message += "UserId is null";
}
else
{
message += "UserId is not null";
}
return Ok(message);
}
}
I get this message:我收到这条消息:
You are not registered UserId is null
你没有注册 UserId 是 null
How can I access to my UserId in my WebAPI?如何在我的 WebAPI 中访问我的 UserId? Why User.Identity.Name is null?
为什么 User.Identity.Name 是 null? Why is
User.Identity.Claims.Count
0?为什么
User.Identity.Claims.Count
为 0?
Edit编辑
I have entered the access token in jwt.io website, this is the output我在 jwt.io 网站中输入了访问令牌,这是 output
{
"nbf": 1587133648,
"exp": 1587137248,
"iss": "https://identity.mywebsite.ir",
"aud": "MyAPI",
"client_id": "MyAndroidApp",
"sub": "7e904278-78cc-46a8-9943-51dfeb360d8e",// I want this in my api but i get null
"auth_time": 1587133648,
"idp": "local",
"scope": [
"openid",
"MyAPI"
],
"amr": [
"pwd"
]
}
MyApi Startup Class MyApi 启动 Class
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "oidc";
})
.AddIdentityServerAuthentication(options =>
{
options.Authority = "https://identity.mywebsite.ir";
options.RequireHttpsMetadata = false;
options.ApiName = "MyAPI";
});
services.AddOptions();
string cs = Configuration["AppSettings:DefaultConnection"];
services.AddDbContext<MyCommonDbContext>(options =>
{
options.UseSqlServer(cs,
sqlServerOptions =>
{
sqlServerOptions.MigrationsAssembly("MyAppProjectName");
});
});
services.AddDbContext<MyAppContext>(options =>
{
options.UseSqlServer(cs,
sqlServerOptions =>
{
sqlServerOptions.MigrationsAssembly("MyAppProjectName");
});
});
services.AddControllers();
services.AddCors(options =>
{
options.AddPolicy("default", policy =>
{
policy.WithOrigins("http://*.mywebsite.ir")
.AllowAnyHeader()
.AllowAnyMethod();
});
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseCors("default");
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
In my case the problem was for that I did not add UserClaims to ApiResources so I changed the seeding ApiResource method like below and I added the the claims,在我的情况下,问题在于我没有将 UserClaims 添加到 ApiResources 所以我改变了播种 ApiResource 方法,如下所示,我添加了声明,
public static IEnumerable<ApiResource> GetApis()
{
return new List<ApiResource>
{
new ApiResource("MyAPI", "My Asp.net core WebApi,the best Webapi!"){
UserClaims =
{
JwtClaimTypes.Name,
JwtClaimTypes.Subject,
JwtClaimTypes.Role,
}
},
};
}
Now I will get the UserId and UserName with below code现在我将使用以下代码获取 UserId 和 UserName
public static class ClaimsPrincipalExtensions
{
public static string GetSub(this ClaimsPrincipal principal)
{
return principal?.FindFirst(x => x.Type.Equals("sub"))?.Value;
}
public static string GetEmail(this ClaimsPrincipal principal)
{
return principal?.FindFirst(x => x.Type.Equals("email"))?.Value;
}
}
Getting UserId获取用户 ID
string UserId=User.GetSub();
In the "MyApi" startup.cs file in ConfigureServices:在 ConfigureServices 的“MyApi”startup.cs 文件中:
1- make sure that you do this line of code right before AddAuthentication: JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); 1-确保在 AddAuthentication 之前执行这行代码: JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
Because (thank:!! to microsoft -_-) by default the claim type mapping for name is :因为(感谢:!! to microsoft -_-)默认情况下,名称的声明类型映射为:
http://schemas.microsoft.com/ws/2008/06/identity/claims/name (for name or something like this)http://schemas.microsoft.com/ws/2008/06/identity/claims/name (名称或类似名称)
http://schemas.microsoft.com/ws/2008/06/identity/claims/role .http://schemas.microsoft.com/ws/2008/06/identity/claims/role 。 ( for role )
(对于角色)
http://schemas.microsoft.com/ws/2008/06/identity/claims/nameidentifier ( for id) http://schemas.microsoft.com/ws/2008/06/identity/claims/nameidentifier (用于 id)
So you need clear this mapping because in your token the claim types are the jwt standard, sub == userid, and you don't embed name or roles for the moment based in your token that you shared因此,您需要清除此映射,因为在您的令牌中,声明类型是 jwt 标准,sub == userid,并且您暂时不会在您共享的令牌中嵌入名称或角色
by the way I usually use this part of code:顺便说一句,我通常使用这部分代码:
services.AddAuthentication("Bearer")
.AddJwtBearer("Bearer", options =>
{
options.Authority = "";
options.RequireHttpsMetadata = true;
options.Audience = "myapi";
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role",
};
});
You will need this part only:您将只需要这部分:
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role",
};
By the way keep require https is set to true not false.顺便说一句,要求 https 设置为 true 而不是 false。
For UserId I think only clearing the default inbound type is enough.对于 UserId 我认为只清除默认的入站类型就足够了。
I am not sure if you really need the second step but just double check:我不确定您是否真的需要第二步,但请仔细检查:
2- make sure that AuthenticationScheme value is "Bearer": options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme; 2-确保 AuthenticationScheme 值为“Bearer”:options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
3- in IdentityServer4 startup 3- 在 IdentityServer4 启动
please keep the UseAuthentication after UseRouting not before (It is not related to your question but I just noticed that)请不要在 UseRouting 之后保留 UseAuthentication (这与您的问题无关,但我刚刚注意到)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.